Re: SSL Deep Inspection broken?
To stay with your example, boneyard:
Clients are in 10.10.0.0/24.
There is a policy 10.10.0.0/24 to internet via SD-WAN with webfilter and SSL Deep Inspection enabled.
These clients have the issue I mentioned.
For testing I now used my client here (as Windows and AV are the same). Let's say my client has 10.10.0.1.
So I created a policy 10.10.0.1 to internet via SD-WAN with webfilter and SSL Deep Inspection enabled. I placed this before the above policy to have it match first (as policies are first come first serve).
On my client everything worked fine. I didn't encounter the above issue with Deep Inspection.
I also did the same at another site before, just with a VM instead of a physical client. Thus the VM has the same setup, it is just a virtual client for testing purposes. I did not encounter the issue there either.
What now came to my mind is that this could be a 5.6.11-only issue, since in the meantime I've upgraded some FGT to 6.0.7 (or now to 6.0.8). Among those is ours here, where my client is connected.
So it could be that this is gone in 6.x, probably. I might have to test this again when I've finished updating all FGT and the ADOM in FortiManager. Before that I cannot roll out anything centrally.